NASA's 10 rules for developing safety critical code
September 17, 2019

NASA's 10 Rules for Developing Safety-Critical Code

Security & Compliance
Static Analysis

By

NASA Jet Propulsion Laboratory’s Laboratory for Reliable Software developed a set of code guidelines for developing safety-critical code. The rules are intended to eliminate C coding practices that make it difficult to review or properly analyze with static analysis tools.

➡️ Experience How Klocwork Helps Enforce NASA's 10 Rules

Table of Contents

  1. The NASA’s 10 Rules
  2. How to Implement Safety-Critical Code
Back to top

The NASA’s 10 Rules

NASA’s 10 rules for developing safety-critical code are:

  1. Restrict all code to very simple control flow constructs—do not use goto statements, setjmp or longjmp constructs, or direct or indirect recursion.
  2. Give all loops a fixed upper bound.
  3. Do not use dynamic memory allocation after initialization.
  4. No function should be longer than what can be printed on a single sheet of paper in a standard format with one line per statement and one line per declaration.
  5. The code's assertion density should average to minimally two assertions per function.
  6. Declare all data objects at the smallest possible level of scope.
  7. Each calling function must check the return value of nonvoid functions, and each called function must check the validity of all parameters provided by the caller.
  8. The use of the preprocessor must be limited to the inclusion of header files and simple macro definitions.
  9. Limit pointer use to a single dereference, and do not use function pointers.
  10. Compile with all possible warnings active; all warnings should then be addressed before the release of the software.
Back to top

How to Implement Safety-Critical Code

The best way to ensure safety-critical code is to use a static code analyzer.

Static code analyzers enforce coding rules and flag standard violations. Klocwork comes with quality coding taxonomies — NASA, MISRA, and AUTOSAR — to ensure secure, reliable, and compliant software.

Enforce NASA Compliance with Klocwork

Running static analysis is an important part of the process of developing safety-critical applications and is a tool to use when complying with functional safety standards, such as IEC 61508 and EN 50128. Klocwork can check your code against the NASA coding practice guidelines to automatically flag violations and enforce its quality coding standard.

Try Klocwork for Safety-Critical Code

See for yourself how Klocwork helps ensure safety-critical code.

➡️ Start your free Klocwork trial

Back to top
Stuart Foster headshot.

Stuart Foster

Klocwork and Helix QAC Product Manager, Perforce

Stuart Foster has over 17 years of experience in mobile and software development. He has managed product development of consumer apps and enterprise software. Currently, he manages Klocwork and Helix QAC, Perforce’s market-leading code quality management solutions. He believes in developing products, features, and functionality that fit customer business needs and helps developers produce secure, reliable, and defect-free code. Stuart holds a bachelor’s degree in information technology, interactive multimedia and design from Carleton University, and an advanced diploma in multimedia design from the Algonquin College of Applied Arts and Technology.